When Cyber Insurance Fails: Why Your Policy Claim Could Be Denied
Episode Show Notes:
- This episode is a big wake-up call for companies that have or want to get cyber liability insurance.
- As an insured company, you must follow strict guidelines to maintain coverage, including keeping your systems updated and following proper cybersecurity procedures.
- Insurance companies set specific requirements you must meet to keep your cyber liability protection.
- Example case:
  - A company suffered a hack and financial loss, then filed a claim.
  - The insurer denied the claim because the company failed to follow basic security practices required in their policy.
  - One key requirement was the use of Multi-Factor Authentication (MFA), which requires a security code in addition to a password.
  - Although the company’s application stated MFA was enabled, investigations revealed MFA was only used to protect their firewall and not other critical systems.
  - The insurance company sought to rescind the policy, claiming they would not have issued it if they had known MFA was not fully implemented.
  - This case highlights a loophole and the insurer’s effort to avoid paying claims when insured parties do not comply with stated security measures.
- Key takeaway:
  - If your cyber liability insurer gives you specific requirements, follow them carefully.
  - Using MFA and other security measures can prevent breaches and reduce claim disputes.
  - Even if inconvenient, using MFA could have prevented the ransomware attack and the resulting claim denial.
  - Misrepresenting or omitting facts on your insurance application can be considered material and lead to claim denial or policy rescission.
- This case happened in 2020, when hackers accessed an admin account due to lack of MFA.
- The insurer, Travelers, wants the court to declare the policy void and refuse payment of the claim.
- We invite you to share your thoughts:
  - How would you handle this if you were the company or insurer?
  - What lessons should businesses take from this event?
- Always get clear descriptions of your insurer’s cybersecurity requirements before accepting cyber liability insurance.
